diff -Nru lxc-2.0.1/config/apparmor/abstractions/container-base lxc-2.0.3/config/apparmor/abstractions/container-base --- lxc-2.0.1/config/apparmor/abstractions/container-base 2016-05-16 20:38:39.000000000 +0000 +++ lxc-2.0.3/config/apparmor/abstractions/container-base 2016-06-28 19:39:28.000000000 +0000 @@ -60,13 +60,6 @@ mount fstype=fuse, mount fstype=fuse.*, - # allow bind mount of /lib/init/fstab for lxcguest - mount options=(rw, bind) /lib/init/fstab.lxc/ -> /lib/init/fstab/, - - # allow bind mounts of /run/{,lock} to /var/run/{,lock} - mount options=(rw, bind) /run/ -> /var/run/, - mount options=(rw, bind) /run/lock/ -> /var/lock/, - # deny access under /proc/bus to avoid e.g. messing with pci devices directly deny @{PROC}/bus/** wklx, 
@@ -100,6 +93,53 @@ # deny reads from debugfs deny /sys/kernel/debug/{,**} rwklx, + # allow paths to be made slave, shared, private or unbindable + # FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts. +# mount options=(rw,make-slave) -> **, +# mount options=(rw,make-rslave) -> **, +# mount options=(rw,make-shared) -> **, +# mount options=(rw,make-rshared) -> **, +# mount options=(rw,make-private) -> **, +# mount options=(rw,make-rprivate) -> **, +# mount options=(rw,make-unbindable) -> **, +# mount options=(rw,make-runbindable) -> **, + + # allow bind-mounts of anything except /proc, /sys and /dev + mount options=(rw,bind) /[^spd]*{,/**}, + mount options=(rw,bind) /d[^e]*{,/**}, + mount options=(rw,bind) /de[^v]*{,/**}, + mount options=(rw,bind) /dev/.[^l]*{,/**}, + mount options=(rw,bind) /dev/.l[^x]*{,/**}, + mount options=(rw,bind) /dev/.lx[^c]*{,/**}, + mount options=(rw,bind) /dev/.lxc?*{,/**}, + mount options=(rw,bind) /dev/[^.]*{,/**}, + mount options=(rw,bind) /dev?*{,/**}, + mount options=(rw,bind) /p[^r]*{,/**}, + mount options=(rw,bind) /pr[^o]*{,/**}, + mount options=(rw,bind) /pro[^c]*{,/**}, + mount options=(rw,bind) /proc?*{,/**}, + mount options=(rw,bind) /s[^y]*{,/**}, + mount options=(rw,bind) /sy[^s]*{,/**}, + mount options=(rw,bind) /sys?*{,/**}, + + # allow moving mounts except for /proc, /sys and /dev + mount options=(rw,move) /[^spd]*{,/**}, + mount options=(rw,move) /d[^e]*{,/**}, + mount options=(rw,move) /de[^v]*{,/**}, + mount options=(rw,move) /dev/.[^l]*{,/**}, + mount options=(rw,move) /dev/.l[^x]*{,/**}, + mount options=(rw,move) /dev/.lx[^c]*{,/**}, + mount options=(rw,move) /dev/.lxc?*{,/**}, + mount options=(rw,move) /dev/[^.]*{,/**}, + mount options=(rw,move) /dev?*{,/**}, + mount options=(rw,move) /p[^r]*{,/**}, + mount options=(rw,move) /pr[^o]*{,/**}, + mount options=(rw,move) /pro[^c]*{,/**}, + mount options=(rw,move) /proc?*{,/**}, + mount options=(rw,move) /s[^y]*{,/**}, + 
mount options=(rw,move) /sy[^s]*{,/**}, + mount options=(rw,move) /sys?*{,/**}, + # generated by: lxc-generate-aa-rules.py container-rules.base deny /proc/sys/[^kn]*{,/**} wklx, deny /proc/sys/k[^e]*{,/**} wklx, diff -Nru lxc-2.0.1/config/apparmor/abstractions/container-base.in lxc-2.0.3/config/apparmor/abstractions/container-base.in --- lxc-2.0.1/config/apparmor/abstractions/container-base.in 2016-05-16 20:38:39.000000000 +0000 +++ lxc-2.0.3/config/apparmor/abstractions/container-base.in 2016-06-28 19:39:28.000000000 +0000 @@ -60,13 +60,6 @@ mount fstype=fuse, mount fstype=fuse.*, - # allow bind mount of /lib/init/fstab for lxcguest - mount options=(rw, bind) /lib/init/fstab.lxc/ -> /lib/init/fstab/, - - # allow bind mounts of /run/{,lock} to /var/run/{,lock} - mount options=(rw, bind) /run/ -> /var/run/, - mount options=(rw, bind) /run/lock/ -> /var/lock/, - # deny access under /proc/bus to avoid e.g. messing with pci devices directly deny @{PROC}/bus/** wklx, 
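Review bot: The comment `# allow bind-mounts of anything except /proc, /sys and /dev` claims more than the rules beneath it enforce. Each rule names a single path with no `-> mountpoint`, which in AppArmor mount syntax constrains the source of the mount, so the mount point itself is left unrestricted. In addition, `/dev/[^.]*{,/**}` and the `/dev/.…` patterns permit sources beneath /dev, so as far as the patterns read only /dev itself and /dev/.lxc are excluded there. I would reword it to `# allow bind-mounts whose source is not /proc, /sys, /dev itself or /dev/.lxc; the mount point is not restricted here`, and adjust the `move` comment the same way, because the path-based `deny` rules elsewhere in this file depend on exactly which sources can be aliased. The identical block is added to container-base.in in the next file section, so the wording should change there too.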
@@ -100,3 +93,50 @@ # deny reads from debugfs deny /sys/kernel/debug/{,**} rwklx, + # allow paths to be made slave, shared, private or unbindable + # FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts. +# mount options=(rw,make-slave) -> **, +# mount options=(rw,make-rslave) -> **, +# mount options=(rw,make-shared) -> **, +# mount options=(rw,make-rshared) -> **, +# mount options=(rw,make-private) -> **, +# mount options=(rw,make-rprivate) -> **, +# mount options=(rw,make-unbindable) -> **, +# mount options=(rw,make-runbindable) -> **, + + # allow bind-mounts of anything except /proc, /sys and /dev + mount options=(rw,bind) /[^spd]*{,/**}, + mount options=(rw,bind) /d[^e]*{,/**}, + mount options=(rw,bind) /de[^v]*{,/**}, + mount options=(rw,bind) /dev/.[^l]*{,/**}, + mount options=(rw,bind) /dev/.l[^x]*{,/**}, + mount options=(rw,bind) /dev/.lx[^c]*{,/**}, + mount options=(rw,bind) /dev/.lxc?*{,/**}, + mount options=(rw,bind) /dev/[^.]*{,/**}, + mount options=(rw,bind) /dev?*{,/**}, + mount options=(rw,bind) /p[^r]*{,/**}, + mount options=(rw,bind) /pr[^o]*{,/**}, + mount options=(rw,bind) /pro[^c]*{,/**}, + mount options=(rw,bind) /proc?*{,/**}, + mount options=(rw,bind) /s[^y]*{,/**}, + mount options=(rw,bind) /sy[^s]*{,/**}, + mount options=(rw,bind) /sys?*{,/**}, + + # allow moving mounts except for /proc, /sys and /dev + mount options=(rw,move) /[^spd]*{,/**}, + mount options=(rw,move) /d[^e]*{,/**}, + mount options=(rw,move) /de[^v]*{,/**}, + mount options=(rw,move) /dev/.[^l]*{,/**}, + mount options=(rw,move) /dev/.l[^x]*{,/**}, + mount options=(rw,move) /dev/.lx[^c]*{,/**}, + mount options=(rw,move) /dev/.lxc?*{,/**}, + mount options=(rw,move) /dev/[^.]*{,/**}, + mount options=(rw,move) /dev?*{,/**}, + mount options=(rw,move) /p[^r]*{,/**}, + mount options=(rw,move) /pr[^o]*{,/**}, + mount options=(rw,move) /pro[^c]*{,/**}, + mount options=(rw,move) /proc?*{,/**}, + mount options=(rw,move) /s[^y]*{,/**}, + 
mount options=(rw,move) /sy[^s]*{,/**}, + mount options=(rw,move) /sys?*{,/**}, + diff -Nru lxc-2.0.1/config/apparmor/abstractions/start-container lxc-2.0.3/config/apparmor/abstractions/start-container --- lxc-2.0.1/config/apparmor/abstractions/start-container 2016-05-16 20:38:39.000000000 +0000 +++ lxc-2.0.3/config/apparmor/abstractions/start-container 2016-06-28 19:39:28.000000000 +0000 @@ -15,6 +15,7 @@ mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/, mount options=bind /dev/pts/** -> /dev/**, mount options=(rw, make-slave) -> **, + mount options=(rw, make-rslave) -> **, mount fstype=debugfs, # allow pre-mount hooks to stage mounts under /var/lib/lxc// mount -> /var/lib/lxc/{**,}, diff -Nru lxc-2.0.1/config/apparmor/Makefile.in lxc-2.0.3/config/apparmor/Makefile.in --- lxc-2.0.1/config/apparmor/Makefile.in 2016-05-16 20:38:44.000000000 +0000 +++ lxc-2.0.3/config/apparmor/Makefile.in 2016-06-28 19:39:33.000000000 +0000 @@ -403,8 +403,8 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@ENABLE_APPARMOR_FALSE@uninstall-local: @ENABLE_APPARMOR_FALSE@install-data-local: +@ENABLE_APPARMOR_FALSE@uninstall-local: clean: clean-am clean-am: clean-generic mostlyclean-am diff -Nru lxc-2.0.1/config/init/common/lxc-devsetup lxc-2.0.3/config/init/common/lxc-devsetup --- lxc-2.0.1/config/init/common/lxc-devsetup 2016-05-16 20:38:39.000000000 +0000 +++ lxc-2.0.3/config/init/common/lxc-devsetup 1970-01-01 00:00:00.000000000 +0000 
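Review bot: The added `mount options=(rw, make-rslave) -> **,` rule carries no comment, while the FIXME added to container-base in this same diff states that the apparmor parser treats such make-* rules as allowing all mounts. If that parser behaviour applies to this abstraction as well, the rule grants more than a propagation change. A one-line comment such as `# NOTE: the parser currently treats make-* rules as allowing all mounts (see FIXME in container-base); accepted for the lxc-start profile` would record that the breadth is intentional rather than overlooked.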
@@ -1,25 +0,0 @@ -#!/bin/sh - - -# lxc.devsetup - Setup host /dev for container /dev subdirectories. - -if [ ! -d /dev/.lxc ] -then - echo "Creating /dev/.lxc" - mkdir /dev/.lxc - chmod 755 /dev/.lxc -fi - -if grep -q "/dev devtmpfs " /proc/self/mounts -then - echo "/dev is devtmpfs" -else - echo "/dev is not devtmpfs - mounting tmpfs on .lxc" - mount -t tmpfs tmpfs /dev/.lxc -fi - -if [ ! -d /dev/.lxc/user ] -then - echo "Creating /dev/.lxc/user" - mkdir /dev/.lxc/user - chmod 1777 /dev/.lxc/user -fi diff -Nru lxc-2.0.1/config/init/common/Makefile.am lxc-2.0.3/config/init/common/Makefile.am --- lxc-2.0.1/config/init/common/Makefile.am 2016-05-16 20:38:39.000000000 +0000 +++ lxc-2.0.3/config/init/common/Makefile.am 2016-06-28 19:39:28.000000000 +0000 @@ -1,2 +1,2 @@ -EXTRA_DIST = lxc-containers.in lxc-net.in lxc-devsetup -pkglibexec_SCRIPTS = lxc-containers lxc-net lxc-devsetup +EXTRA_DIST = lxc-containers.in lxc-net.in +pkglibexec_SCRIPTS = lxc-containers lxc-net diff -Nru lxc-2.0.1/config/init/common/Makefile.in lxc-2.0.3/config/init/common/Makefile.in --- lxc-2.0.1/config/init/common/Makefile.in 2016-05-16 20:38:44.000000000 +0000 +++ lxc-2.0.3/config/init/common/Makefile.in 2016-06-28 19:39:33.000000000 +0000 @@ -317,8 +317,8 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -EXTRA_DIST = lxc-containers.in lxc-net.in lxc-devsetup -pkglibexec_SCRIPTS = lxc-containers lxc-net lxc-devsetup +EXTRA_DIST = lxc-containers.in lxc-net.in +pkglibexec_SCRIPTS = lxc-containers lxc-net all: all-am .SUFFIXES: diff -Nru lxc-2.0.1/config/init/systemd/lxc.service.in lxc-2.0.3/config/init/systemd/lxc.service.in --- lxc-2.0.1/config/init/systemd/lxc.service.in 2016-05-16 20:38:39.000000000 +0000 +++ lxc-2.0.3/config/init/systemd/lxc.service.in 2016-06-28 19:39:28.000000000 +0000 
@@ -6,7 +6,6 @@ [Service] Type=oneshot RemainAfterExit=yes -ExecStartPre=@LIBEXECDIR@/lxc/lxc-devsetup ExecStartPre=@LIBEXECDIR@/lxc/lxc-apparmor-load ExecStart=@LIBEXECDIR@/lxc/lxc-containers start ExecStop=@LIBEXECDIR@/lxc/lxc-containers stop diff -Nru lxc-2.0.1/config/init/systemd/lxc@.service.in lxc-2.0.3/config/init/systemd/lxc@.service.in --- lxc-2.0.1/config/init/systemd/lxc@.service.in 2016-05-16 20:38:39.000000000 +0000 +++ lxc-2.0.3/config/init/systemd/lxc@.service.in 2016-06-28 19:39:28.000000000 +0000 @@ -9,7 +9,7 @@ KillMode=mixed KillSignal=SIGPWR TimeoutStopSec=120s -ExecStart=@BINDIR@/lxc-start -n %i +ExecStart=@BINDIR@/lxc-start -F -n %i # Environment=BOOTUP=serial # Environment=CONSOLETYPE=serial Delegate=yes diff -Nru lxc-2.0.1/config/init/systemd/Makefile.in lxc-2.0.3/config/init/systemd/Makefile.in --- lxc-2.0.1/config/init/systemd/Makefile.in 2016-05-16 20:38:44.000000000 +0000 +++ lxc-2.0.3/config/init/systemd/Makefile.in 2016-06-28 19:39:33.000000000 +0000 @@ -476,8 +476,8 @@ @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) -@INIT_SCRIPT_SYSTEMD_FALSE@install-data-local: @INIT_SCRIPT_SYSTEMD_FALSE@uninstall-local: +@INIT_SCRIPT_SYSTEMD_FALSE@install-data-local: clean: clean-am clean-am: clean-generic mostlyclean-am diff -Nru lxc-2.0.1/config/init/sysvinit/lxc-containers.in lxc-2.0.3/config/init/sysvinit/lxc-containers.in --- lxc-2.0.1/config/init/sysvinit/lxc-containers.in 2016-05-16 20:38:39.000000000 +0000 +++ lxc-2.0.3/config/init/sysvinit/lxc-containers.in 2016-06-28 19:39:28.000000000 +0000 
@@ -29,7 +29,6 @@ start() { # Setup host /dev for autodev containers. - @LIBEXECDIR@/lxc/lxc-devsetup log_daemon_msg "Starting LXC autoboot containers: " @LIBEXECDIR@/lxc/lxc-containers start } diff -Nru lxc-2.0.1/config/init/upstart/lxc.conf lxc-2.0.3/config/init/upstart/lxc.conf --- lxc-2.0.1/config/init/upstart/lxc.conf 2016-05-16 20:38:51.000000000 +0000 +++ lxc-2.0.3/config/init/upstart/lxc.conf 2016-06-28 19:39:47.000000000 +0000 @@ -45,9 +45,6 @@ fi fi - # Setup host /dev for autodev containers. - /usr/local/libexec/lxc/lxc-devsetup - [ "x$LXC_AUTO" = "xtrue" ] || exit 0 if [ -n "$BOOTGROUPS" ] diff -Nru lxc-2.0.1/config/init/upstart/lxc.conf.in lxc-2.0.3/config/init/upstart/lxc.conf.in --- lxc-2.0.1/config/init/upstart/lxc.conf.in 2016-05-16 20:38:39.000000000 +0000 +++ lxc-2.0.3/config/init/upstart/lxc.conf.in 2016-06-28 19:39:28.000000000 +0000 @@ -45,9 +45,6 @@ fi fi - # Setup host /dev for autodev containers. - @LIBEXECDIR@/lxc/lxc-devsetup - [ "x$LXC_AUTO" = "xtrue" ] || exit 0 if [ -n "$BOOTGROUPS" ] diff -Nru lxc-2.0.1/config/init/upstart/lxc-instance.conf lxc-2.0.3/config/init/upstart/lxc-instance.conf --- lxc-2.0.1/config/init/upstart/lxc-instance.conf 2016-05-16 20:38:39.000000000 +0000 +++ lxc-2.0.3/config/init/upstart/lxc-instance.conf 2016-06-28 19:39:28.000000000 +0000 @@ -17,6 +17,4 @@ lxc-wait -s RUNNING -n $NAME -t 0 && { stop; exit 0; } || true end script -script - exec lxc-start -n $NAME -end script +exec lxc-start -F -n $NAME diff -Nru lxc-2.0.1/config/init/upstart/Makefile.in lxc-2.0.3/config/init/upstart/Makefile.in --- lxc-2.0.1/config/init/upstart/Makefile.in 2016-05-16 20:38:44.000000000 +0000 +++ lxc-2.0.3/config/init/upstart/Makefile.in 2016-06-28 19:39:33.000000000 +0000 
@@ -395,8 +395,8 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@INIT_SCRIPT_UPSTART_FALSE@install-data-local: @INIT_SCRIPT_UPSTART_FALSE@uninstall-local: +@INIT_SCRIPT_UPSTART_FALSE@install-data-local: clean: clean-am clean-am: clean-generic mostlyclean-am diff -Nru lxc-2.0.1/configure lxc-2.0.3/configure --- lxc-2.0.1/configure 2016-05-16 20:38:43.000000000 +0000 +++ lxc-2.0.3/configure 2016-06-28 19:39:32.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for lxc 2.0.1. +# Generated by GNU Autoconf 2.69 for lxc 2.0.3. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -577,8 +577,8 @@ # Identity of this package. PACKAGE_NAME='lxc' PACKAGE_TARNAME='lxc' -PACKAGE_VERSION='2.0.1' -PACKAGE_STRING='lxc 2.0.1' +PACKAGE_VERSION='2.0.3' +PACKAGE_STRING='lxc 2.0.3' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1453,7 +1453,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures lxc 2.0.1 to adapt to many kinds of systems. +\`configure' configures lxc 2.0.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1524,7 +1524,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of lxc 2.0.1:";; + short | recursive ) echo "Configuration of lxc 2.0.3:";; esac cat <<\_ACEOF @@ -1685,7 +1685,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -lxc configure 2.0.1 +lxc configure 2.0.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. 
@@ -2150,7 +2150,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by lxc $as_me 2.0.1, which was +It was created by lxc $as_me 2.0.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2621,7 +2621,7 @@ fi fi -LXC_VERSION_BASE=2.0.1 +LXC_VERSION_BASE=2.0.3 @@ -2629,11 +2629,11 @@ LXC_VERSION_MINOR=0 -LXC_VERSION_MICRO=1 +LXC_VERSION_MICRO=3 LXC_VERSION_ABI=1.2.0 -LXC_VERSION=2.0.1 +LXC_VERSION=2.0.3 @@ -3154,7 +3154,7 @@ # Define the identity of the package. PACKAGE='lxc' - VERSION='2.0.1' + VERSION='2.0.3' cat >>confdefs.h <<_ACEOF @@ -10121,7 +10121,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by lxc $as_me 2.0.1, which was +This file was extended by lxc $as_me 2.0.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -10191,7 +10191,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -lxc config.status 2.0.1 +lxc config.status 2.0.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -Nru lxc-2.0.1/configure.ac lxc-2.0.3/configure.ac --- lxc-2.0.1/configure.ac 2016-05-16 20:38:39.000000000 +0000 +++ lxc-2.0.3/configure.ac 2016-06-28 19:39:28.000000000 +0000 @@ -3,7 +3,7 @@ m4_define([lxc_version_major], 2) m4_define([lxc_version_minor], 0) -m4_define([lxc_version_micro], 1) +m4_define([lxc_version_micro], 3) m4_define([lxc_version_beta], []) m4_define([lxc_version_abi], 1.2.0) diff -Nru lxc-2.0.1/debian/changelog lxc-2.0.3/debian/changelog --- lxc-2.0.1/debian/changelog 2016-06-07 03:57:13.000000000 +0000 +++ lxc-2.0.3/debian/changelog 2016-06-29 21:26:30.000000000 +0000 
@@ -1,9 +1,45 @@ -lxc (2.0.1-0ubuntu1~ubuntu14.04.1) trusty-backports; urgency=medium +lxc (2.0.3-0ubuntu1~ubuntu14.04.1) trusty-backports; urgency=medium - * Backport to trusty + * Backport to trusty (LP: #1597523) * Add a versioned build-dependency on trusty-backports' libseccomp-dev. + * Add a versioned dependency to liblxc1 on trusty-backports' cgroup-lite. - -- Stéphane Graber Mon, 06 Jun 2016 23:53:12 -0400 + -- Stéphane Graber Wed, 29 Jun 2016 17:23:18 -0400 + +lxc (2.0.3-0ubuntu1) yakkety; urgency=medium + + * New upstream bugfix release (2.0.3): + - apparmor: Refresh generated file + + * New upstream bugfix release (2.0.2): + - apparmor: add make-rslave to usr.bin.lxc-start + - apparmor: Allow bind-mounts + - apparmor: Allow mount move + - apparmor: Update mount states handling + - core: Drop lxc-devsetup as unneeded by current autodev + - core: Fix redefinition of struct in6_addr + - core: Include all lxcmntent.h function declarations on Bionic + - c/r: c/r: use criu's "full" mode for cgroups + - systemd: start containers in foreground when using the lxc@.service + - templates: debian: Make sure init is installed + - templates: oracle: Fix console login + - templates: plamo: Fix various issues + - templates: ubuntu: Install apt-transport-https by default + - travis: ensure 'make install' doesn't fail + - travis: test VPATH builds + - upstart: Force lxc-instance to behave like a good Upstart client + + * Tighten versioned dependencies between the various binary packages. + * Drop lxc-devsetup as it was removed upstream (unneeded with LXC 2.0). + + -- Stéphane Graber Wed, 29 Jun 2016 16:39:06 -0400 + +lxc (2.0.1-0ubuntu2) yakkety; urgency=medium + + * On yakkety, skip the lxc-test-ubuntu test as it requires root.tar.xz + images to be available over simplestreams which don't exist anymore. 
+ + -- Stéphane Graber Thu, 23 Jun 2016 15:41:40 -0400 lxc (2.0.1-0ubuntu1) yakkety; urgency=medium diff -Nru lxc-2.0.1/debian/control lxc-2.0.3/debian/control --- lxc-2.0.1/debian/control 2016-06-07 03:54:42.000000000 +0000 +++ lxc-2.0.3/debian/control 2016-06-29 21:26:11.000000000 +0000 @@ -13,7 +13,7 @@ libcap-dev, libgnutls-dev, liblua5.2-dev, - libseccomp-dev (>= 2.2.3-2ubuntu1~), + libseccomp-dev (>= 2.2.3-2ubuntu1~ubuntu14.04.1), libselinux1-dev, linux-libc-dev, pkg-config, @@ -27,7 +27,7 @@ Package: lxc Architecture: all -Depends: lxc1, ${misc:Depends} +Depends: lxc1 (>= ${source:Version}), ${misc:Depends} Priority: extra Section: oldlibs Description: Transitional package for lxc1 @@ -48,7 +48,7 @@ python3-lxc (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} -Recommends: libpam-cgfs, lxc-templates (>= 0.8.0~rc1-4ubuntu43) +Recommends: libpam-cgfs, lxc-templates (= ${binary:Version}) Suggests: btrfs-tools, lvm2, lxctl Replaces: lxc (<< 2.0.0~rc2-0ubuntu1~) Breaks: lxc (<< 2.0.0~rc2-0ubuntu1~) @@ -93,7 +93,7 @@ Package: lxc-templates Architecture: linux-any -Depends: lxc1, ${misc:Depends}, ${shlibs:Depends} +Depends: lxc1 (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} Recommends: busybox-static, cloud-image-utils | cloud-utils, debootstrap | cdebootstrap, @@ -132,12 +132,12 @@ Package: liblxc1 Architecture: linux-any Pre-Depends: ${misc:Pre-Depends} -Depends: lxc-common (= ${binary:Version}), +Depends: cgroup-lite (>= 1.11~ubuntu14.04.2) | systemd, + lxc-common (= ${binary:Version}), rsync, - cgroup-lite | systemd, ${misc:Depends}, ${shlibs:Depends} -Recommends: uidmap, lxcfs +Recommends: lxcfs, uidmap Replaces: liblxc0, lxc (<< 0.9.0~alpha3-0ubuntu1~) Breaks: lxc (<< 0.9.0~alpha3-0ubuntu1~) Provides: liblxc0 
@@ -153,11 +153,11 @@ Package: python3-lxc Architecture: linux-any Section: python -Depends: liblxc1 (=${binary:Version}), +Depends: liblxc1 (= ${binary:Version}), ${misc:Depends}, ${python3:Depends}, ${shlibs:Depends} -Recommends: lxc-templates (>= 0.8.0~rc1-4ubuntu43) +Recommends: lxc-templates (= ${binary:Version}) Description: Linux Containers userspace tools (Python 3.x bindings) Containers are insulated areas inside a system, which have their own namespace for filesystem, network, PID, IPC, CPU and memory allocation and which can be @@ -170,12 +170,12 @@ Architecture: linux-any Section: interpreters Depends: liblua5.2-0, - liblxc1 (=${binary:Version}), + liblxc1 (= ${binary:Version}), lua-filesystem, lua5.2, ${misc:Depends}, ${shlibs:Depends} -Recommends: lxc-templates (>= 0.8.0~rc1-4ubuntu43) +Recommends: lxc-templates (= ${binary:Version}) Description: Linux Containers userspace tools (LUA bindings) Containers are insulated areas inside a system, which have their own namespace for filesystem, network, PID, IPC, CPU and memory allocation and which can be diff -Nru lxc-2.0.1/debian/.git-dpm lxc-2.0.3/debian/.git-dpm --- lxc-2.0.1/debian/.git-dpm 2016-05-16 21:37:24.000000000 +0000 +++ lxc-2.0.3/debian/.git-dpm 2016-06-29 20:44:42.000000000 +0000 
@@ -1,8 +1,8 @@ # see git-dpm(1) from git-dpm package -7793ea53fa537004548d0f3b1b16e5823c781ddf -7793ea53fa537004548d0f3b1b16e5823c781ddf -c088641b00cc0934d652da66ce006f92e2fa51d0 -c088641b00cc0934d652da66ce006f92e2fa51d0 -lxc_2.0.1.orig.tar.gz -64f1f32228db6537fefc1c76d22e2ccd2a417b41 -1061153 +e7e2bf83a99b23a954bb70254e6b7178cc7f29ae +e7e2bf83a99b23a954bb70254e6b7178cc7f29ae +60a26b72b7a4df01261e56c31121765726300c1d +60a26b72b7a4df01261e56c31121765726300c1d +lxc_2.0.3.orig.tar.gz +02c8702d76d7af4d2c7765934b41217c7fcb88b3 +1061364 diff -Nru lxc-2.0.1/debian/lxc1.install lxc-2.0.3/debian/lxc1.install --- lxc-2.0.1/debian/lxc1.install 2016-05-16 21:37:24.000000000 +0000 +++ lxc-2.0.3/debian/lxc1.install 2016-06-29 20:44:42.000000000 +0000 @@ -5,7 +5,6 @@ lib/systemd usr/bin usr/lib/*/lxc/lxc-containers -usr/lib/*/lxc/lxc-devsetup usr/lib/*/lxc/lxc-net usr/sbin/* usr/share/apport diff -Nru lxc-2.0.1/debian/patches/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch lxc-2.0.3/debian/patches/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch --- lxc-2.0.1/debian/patches/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch 2016-05-16 21:37:24.000000000 +0000 +++ lxc-2.0.3/debian/patches/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch 2016-06-29 20:44:42.000000000 +0000 @@ -1,4 +1,4 @@ -From 7793ea53fa537004548d0f3b1b16e5823c781ddf Mon Sep 17 00:00:00 2001 +From e7e2bf83a99b23a954bb70254e6b7178cc7f29ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Tue, 3 Nov 2015 11:42:58 -0500 Subject: Allocate new lxcbr0 subnet at startup time diff -Nru lxc-2.0.1/debian/tests/exercise lxc-2.0.3/debian/tests/exercise --- lxc-2.0.1/debian/tests/exercise 2016-05-16 21:37:24.000000000 +0000 +++ lxc-2.0.3/debian/tests/exercise 2016-06-29 20:35:15.000000000 +0000 
@@ -44,6 +44,9 @@ echo "SUMMARY: pass=$TEST_PASS, fail=$TEST_FAIL, ignored=$TEST_IGNORED" } +# Source distro information +[ -e /etc/lsb-release ] && . /etc/lsb-release + # The actual tests ## Default testsuite for testbin in /usr/bin/lxc-test-*; do @@ -53,6 +56,12 @@ # Some tests can't be run standalone [ "$testbin" = "/usr/bin/lxc-test-may-control" ] && continue + # Skip ubuntu tests on yakkety + if [ "${DISTRIB_CODENAME}" = "yakkety" ]; then + [ "$testbin" = "/usr/bin/lxc-test-ubuntu" ] && \ + ignore "$STRING" && continue + fi + # Skip some tests when running in a container if [ -f /run/container_type ] || (type systemd-detect-virt >/dev/null 2>&1 && systemd-detect-virt --container >/dev/null 2>&1); then [ "$testbin" = "/usr/bin/lxc-test-apparmor" ] && \ diff -Nru lxc-2.0.1/lxc.spec lxc-2.0.3/lxc.spec --- lxc-2.0.1/lxc.spec 2016-05-16 20:38:50.000000000 +0000 +++ lxc-2.0.3/lxc.spec 2016-06-28 19:39:47.000000000 +0000 @@ -60,7 +60,7 @@ %endif Name: lxc -Version: 2.0.1 +Version: 2.0.3 Release: %{?beta_rel:0.1.%{beta_rel}}%{?!beta_rel:%{norm_rel}}%{?dist} URL: http://linuxcontainers.org Source: http://linuxcontainers.org/downloads/%{name}-%{version}%{?beta_dot}.tar.gz @@ -275,7 +275,6 @@ %{_libexecdir}/%{name} %attr(4111,root,root) %{_libexecdir}/%{name}/lxc-user-nic %if %{with_systemd} -%attr(555,root,root) %{_libexecdir}/%{name}/lxc-devsetup %attr(555,root,root) %{_libexecdir}/%{name}/lxc-net %attr(555,root,root) %{_libexecdir}/%{name}/lxc-containers %endif diff -Nru lxc-2.0.1/lxc.spec.in lxc-2.0.3/lxc.spec.in --- lxc-2.0.1/lxc.spec.in 2016-05-16 20:38:39.000000000 +0000 +++ lxc-2.0.3/lxc.spec.in 2016-06-28 19:39:28.000000000 +0000 
@@ -275,7 +275,6 @@ %{_libexecdir}/%{name} %attr(4111,root,root) %{_libexecdir}/%{name}/lxc-user-nic %if %{with_systemd} -%attr(555,root,root) %{_libexecdir}/%{name}/lxc-devsetup %attr(555,root,root) %{_libexecdir}/%{name}/lxc-net %attr(555,root,root) %{_libexecdir}/%{name}/lxc-containers %endif diff -Nru lxc-2.0.1/src/include/lxcmntent.h lxc-2.0.3/src/include/lxcmntent.h --- lxc-2.0.1/src/include/lxcmntent.h 2016-05-16 20:38:39.000000000 +0000 +++ lxc-2.0.3/src/include/lxcmntent.h 2016-06-28 19:39:28.000000000 +0000 @@ -36,15 +36,15 @@ extern struct mntent *getmntent_r (FILE *stream, struct mntent *mp, char *buffer, int bufsiz); #endif -#ifndef HAVE_SETMNTENT +#if !defined(HAVE_SETMNTENT) || IS_BIONIC FILE *setmntent (const char *file, const char *mode); #endif -#ifndef HAVE_ENDMNTENT +#if !defined(HAVE_ENDMNTENT) || IS_BIONIC int endmntent (FILE *stream); #endif -#ifndef HAVE_HASMNTOPT +#if !defined(HAVE_HASMNTOPT) || IS_BIONIC extern char *hasmntopt (const struct mntent *mnt, const char *opt); #endif diff -Nru lxc-2.0.1/src/lxc/criu.c lxc-2.0.3/src/lxc/criu.c --- lxc-2.0.1/src/lxc/criu.c 2016-05-16 20:38:39.000000000 +0000 +++ lxc-2.0.3/src/lxc/criu.c 2016-06-28 19:39:28.000000000 +0000 @@ -135,7 +135,7 @@ /* The command line always looks like: * criu $(action) --tcp-established --file-locks --link-remap \ - * --manage-cgroups action-script foo.sh -D $(directory) \ + * --manage-cgroups=full action-script foo.sh -D $(directory) \ * -o $(directory)/$(action).log --ext-mount-map auto * --enable-external-sharing --enable-external-masters * --enable-fs hugetlbfs --enable-fs tracefs --ext-mount-map console:/dev/pts/n 
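Review bot: `IS_BIONIC` is tested by value in `#if !defined(HAVE_SETMNTENT) || IS_BIONIC` (and the two conditions after it), so on a build where the macro is not defined at all the preprocessor silently evaluates it as 0 and `-Wundef` would flag it. Whether the build always defines it is not visible from this hunk; if it is only ever defined on Bionic, `#if !defined(HAVE_SETMNTENT) || defined(IS_BIONIC)` states the intent without relying on that fallback. A short comment above the first changed condition saying why Bionic needs the prototypes even when the HAVE_* checks succeed would also help the next reader. The enclosing header guard and the `getmntent_r` block start outside the hunk.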
@@ -218,7 +218,7 @@ DECLARE_ARG("--tcp-established"); DECLARE_ARG("--file-locks"); DECLARE_ARG("--link-remap"); - DECLARE_ARG("--manage-cgroups"); + DECLARE_ARG("--manage-cgroups=full"); DECLARE_ARG("--ext-mount-map"); DECLARE_ARG("auto"); DECLARE_ARG("--enable-external-sharing"); diff -Nru lxc-2.0.1/src/lxc/lxc_user_nic.c lxc-2.0.3/src/lxc/lxc_user_nic.c --- lxc-2.0.1/src/lxc/lxc_user_nic.c 2016-05-16 20:38:39.000000000 +0000 +++ lxc-2.0.3/src/lxc/lxc_user_nic.c 2016-06-28 19:39:28.000000000 +0000 @@ -41,7 +41,6 @@ #include #include #include -#include #include #include #include diff -Nru lxc-2.0.1/src/lxc/version.h lxc-2.0.3/src/lxc/version.h --- lxc-2.0.1/src/lxc/version.h 2016-05-16 20:38:54.000000000 +0000 +++ lxc-2.0.3/src/lxc/version.h 2016-06-28 19:39:51.000000000 +0000 @@ -25,8 +25,8 @@ #define LXC_VERSION_MAJOR 2 #define LXC_VERSION_MINOR 0 -#define LXC_VERSION_MICRO 1 +#define LXC_VERSION_MICRO 3 #define LXC_VERSION_ABI "1.2.0" -#define LXC_VERSION "2.0.1" +#define LXC_VERSION "2.0.3" #endif diff -Nru lxc-2.0.1/templates/lxc-debian.in lxc-2.0.3/templates/lxc-debian.in --- lxc-2.0.1/templates/lxc-debian.in 2016-05-16 20:38:39.000000000 +0000 +++ lxc-2.0.3/templates/lxc-debian.in 2016-06-28 19:39:29.000000000 +0000 @@ -242,6 +242,7 @@ download_debian() { packages=\ +init,\ ifupdown,\ locales,\ libui-dialog-perl,\ diff -Nru lxc-2.0.1/templates/lxc-oracle.in lxc-2.0.3/templates/lxc-oracle.in --- lxc-2.0.1/templates/lxc-oracle.in 2016-05-16 20:38:39.000000000 +0000 +++ lxc-2.0.3/templates/lxc-oracle.in 2016-06-28 19:39:29.000000000 +0000 
@@ -145,21 +145,25 @@ # OL7 has systemd, no rc.sysinit if [ $container_release_major = "7" ]; then - # from mhw in the fedora template: We do need to disable the - # "ConditionalPathExists=/dev/tty0" line or no gettys are started on - # the ttys in the container. Lets do it in an override copy of the - # service so it can still pass rpm verifies and not be automatically - # updated by a new systemd version. - sed -e 's/^ConditionPathExists=/#LXC ConditionPathExists=/' \ - < $container_rootfs/usr/lib/systemd/system/getty\@.service \ - > $container_rootfs/etc/systemd/system/getty\@.service - # Setup getty service on the 4 ttys we are going to allow in the - # default config. Number should match lxc.tty - ( cd $container_rootfs/etc/systemd/system/getty.target.wants - for i in 1 2 3 4 ; do ln -sf ../getty\@.service getty@tty${i}.service; done ) - # We only want to spawn a getty on /dev/console in lxc, libvirt-lxc - # symlinks /dev/console to /dev/tty1 - sed -i '/Before=getty.target/a ConditionVirtualization=lxc' $container_rootfs/usr/lib/systemd/system/console-getty.service + # with newer systemd (OL7.2), getty service include container-getty.service + # let that be the one who manage the getty service instead + if [ ! -f $container_rootfs/usr/lib/systemd/system/container-getty@.service ]; then + # from mhw in the fedora template: We do need to disable the + # "ConditionalPathExists=/dev/tty0" line or no gettys are started on + # the ttys in the container. Lets do it in an override copy of the + # service so it can still pass rpm verifies and not be automatically + # updated by a new systemd version. + sed -e 's/^ConditionPathExists=/#LXC ConditionPathExists=/' \ + < $container_rootfs/usr/lib/systemd/system/getty\@.service \ + > $container_rootfs/etc/systemd/system/getty\@.service + # Setup getty service on the 4 ttys we are going to allow in the + # default config. 
Number should match lxc.tty + ( cd $container_rootfs/etc/systemd/system/getty.target.wants + for i in 1 2 3 4 ; do ln -sf ../getty\@.service getty@tty${i}.service; done ) + # We only want to spawn a getty on /dev/console in lxc, libvirt-lxc + # symlinks /dev/console to /dev/tty1 + sed -i '/Before=getty.target/a ConditionVirtualization=lxc' $container_rootfs/usr/lib/systemd/system/console-getty.service + fi # disable some systemd services, set default boot, sigpwr target rm -f $container_rootfs/usr/lib/systemd/system/sysinit.target.wants/kmod-static-nodes.service diff -Nru lxc-2.0.1/templates/lxc-plamo.in lxc-2.0.3/templates/lxc-plamo.in --- lxc-2.0.1/templates/lxc-plamo.in 2016-05-16 20:38:39.000000000 +0000 +++ lxc-2.0.3/templates/lxc-plamo.in 2016-06-28 19:39:29.000000000 +0000 @@ -49,7 +49,7 @@ CATEGORIES=${CATEGORIES-"00_base 01_minimum"} EXTRACTGRS=${EXTRACTGRS-""} IGNOREPKGS=${IGNOREPKGS-"grub kernel lilo linux_firmware microcode_ctl - cpufreqd cpufrequtils gpm"} + cpufreqd cpufrequtils gpm ntp kmod"} ADDONPKGS=${ADDONPKGS-"`echo contrib/Hamradio/{morse,qrq}`"} download_plamo() { @@ -222,6 +222,14 @@ sh /tmp/netconfig.rconly rm -f /tmp/netconfig.rconly sed -i '/cmdline/s/if/& false \&\&/' $rootfs/etc/rc.d/rc.inet1.tradnet + # /etc/rc.d/rc.inet2 + sed -i '/rpc.mountd/s/^/#/' $rootfs/etc/rc.d/rc.inet2 + sed -i '/modprobe/s/^/#/' $rootfs/etc/rc.d/rc.inet2 + # configure to start only the minimum of service + chmod 644 $rootfs/etc/rc.d/init.d/saslauthd + chmod 644 $rootfs/etc/rc.d/init.d/open-iscsi + rm -f $rootfs/etc/rc.d/init.d/postfix + rm -f $rootfs/var/log/initpkg/shadow return 0 } diff -Nru lxc-2.0.1/templates/lxc-ubuntu.in lxc-2.0.3/templates/lxc-ubuntu.in --- lxc-2.0.1/templates/lxc-ubuntu.in 2016-05-16 20:38:39.000000000 +0000 +++ lxc-2.0.3/templates/lxc-ubuntu.in 2016-06-28 19:39:29.000000000 +0000 
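Review bot: In the re-indented subshell, `cd $container_rootfs/etc/systemd/system/getty.target.wants` is not checked, so if that directory is missing the `ln -sf` loop creates the four `getty@ttyN.service` links in whatever directory the template was started from, on the host and as the invoking user. Guarding it with `cd "$container_rootfs/etc/systemd/system/getty.target.wants" || exit 1` inside the parentheses keeps the links inside the rootfs or creates none. The new `[ ! -f $container_rootfs/usr/lib/systemd/system/container-getty@.service ]` test also leaves the path unquoted, so a rootfs path containing whitespace makes the test fail with a syntax error instead of a clean true/false. The enclosing function starts and ends outside the hunk.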
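Review bot: The added `chmod 644 $rootfs/etc/rc.d/init.d/saslauthd`, `chmod 644 $rootfs/etc/rc.d/init.d/open-iscsi` and `rm -f $rootfs/etc/rc.d/init.d/postfix` lines act on the host's own /etc if `rootfs` is ever empty, and the template presumably runs as root. Writing them as `chmod 644 "${rootfs:?}/etc/rc.d/init.d/saslauthd"` and `rm -f "${rootfs:?}/etc/rc.d/init.d/postfix"` makes the script stop instead. The two `chmod` calls also fail when the package was not installed, which is possible since `CATEGORIES` and `IGNOREPKGS` are overridable from the environment in the first hunk. A `[ -f … ] &&` guard, or a comment stating that the failure is deliberately ignored, would make that explicit. The enclosing function begins outside the hunk, so how `rootfs` is set cannot be confirmed from here.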
@@ -342,7 +342,7 @@ ;; esac - packages_template=${packages_template:-"ssh,vim"} + packages_template=${packages_template:-"apt-transport-https,ssh,vim"} debootstrap_parameters= # Try to guess a list of langpacks to install @@ -359,7 +359,7 @@ debootstrap_parameters="$debootstrap_parameters --variant=$variant" fi if [ "$variant" = 'minbase' ]; then - packages_template="${packages_template},sudo,ifupdown,isc-dhcp-client,apt-transport-https" + packages_template="${packages_template},sudo,ifupdown,isc-dhcp-client" fi echo "Installing packages in template: ${packages_template}"
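Review bot: Moving `apt-transport-https` out of the `minbase` branch and into the default value of `packages_template` changes behaviour for anyone who sets `packages_template` themselves. Before, the `minbase` branch appended the package unconditionally; after these two hunks such a caller gets a minbase rootfs without it, and on apt versions that need the separate transport package the container cannot use https sources. If the intent is that it is always present, append it outside the default, e.g. `packages_template="${packages_template:-"ssh,vim"},apt-transport-https"`, or add a comment next to the default noting that overriding `packages_template` drops it. The surrounding function starts and ends outside both hunks.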